2014-04-28

awareness is never enough

We talk a lot about user security awareness.

But awareness is never enough.

I might be aware that you forgot to close the window on a rainy night. This won't help unless I care to close it or remind you. I might be aware that my password could be misused by a malicious individual. This won't help unless I care to make an effort to protect it.

I must care enough to do the right thing when it would be easier not to. I must be committed. So, let’s stop parroting awareness as an end goal. It’s not.